BIG-IP AFM is an add-on module that integrates with BIG-IP Local Traffic Manager (LTM). When the AFM and LTM modules are provisioned, it is important to understand how the baseline or default configuration affects traffic processing.
LTM is considered to be default deny. This means that when no traffic processing objects are configured, for example a virtual server and a pool, the BIG-IP system will not process any network traffic. You need to configure at least one traffic processing object on the BIG-IP system to begin processing traffic.
AFM Network Firewall is considered to be default allow, also known as Application Delivery Controller (ADC) mode. This mode allows access to all traffic processing objects and requires one or more firewall rules to block access.